Hello community,

here is the log from the commit of package exim for openSUSE:Factory checked in at 2018-05-15 10:04:24
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/exim (Old)
 and      /work/SRC/openSUSE:Factory/.exim.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "exim" Tue May 15 10:04:24 2018 rev:48 rq:603159 version:4.91 Changes: -------- --- /work/SRC/openSUSE:Factory/exim/exim.changes 2017-12-08 13:03:33.996296609 +0100 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2018-05-15 10:30:59.673493531 +0200 
@@ -1,0 +2,149 @@ +Mon Apr 16 13:57:17 UTC 2018 - wullin...@rz.uni-kiel.de + +- update to 4.91 + * DEFER rather than ERROR on redis cluster MOVED response. + * Catch and remove uninitialized value warning in exiqsumm + * Disallow '/' characters in queue names specified for the "queue=" ACL + modifier. This matches the restriction on the commandline. + * Fix pgsql lookup for multiple result-tuples with a single column. + Previously only the last row was returned. + * Bug 2217: Tighten up the parsing of DKIM signature headers. + * Bug 2215: Fix crash associated with dnsdb lookup done from DKIM ACL. + * Fix issue with continued-connections when the DNS shifts unreliably. + * Bug 2214: Fix SMTP responses resulting from non-accept result of MIME ACL. + * The "support for" informational output now, which built with Content + Scanning support, has a line for the malware scanner interfaces compiled + in. Interface can be individually included or not at build time. + * The "aveserver", "kavdaemon" and "mksd" interfaces are now not included + by the template makefile "src/EDITME". The "STREAM" support for an older + ClamAV interface method is removed. + * Bug 2223: Fix mysql lookup returns for the no-data case (when the number of + rows affected is given instead). + * The runtime Berkeley DB library version is now additionally output by + "exim -d -bV". Previously only the compile-time version was shown. + * Bug 2230: Fix cutthrough routing for nonfirst messages in an initiating + SMTP connection. + * Bug 2229: Fix cutthrough routing for nonstandard port numbers defined by + routers. + * Bug 2174: A timeout on connect for a callout was also erroneously seen as + a timeout on read on a GnuTLS initiating connection, resulting in the + initiating connection being dropped. + * Relax results from ACL control request to enable cutthrough, in + unsupported situations, from error to silently (except under debug) + ignoring. 
+ * Fix Buffer overflow in base64d() (CVE-2018-6789) + * Fix bug in DKIM verify: a buffer overflow could corrupt the malloc + metadata, resulting in a crash in free(). + * Fix broken Heimdal GSSAPI authenticator integration. + * Bug 2113: Fix conversation closedown with the Avast malware scanner. + * Bug 2239: Enforce non-usability of control=utf8_downconvert in the mail ACL. + * Speed up macro lookups during configuration file read, by skipping non- + macro text after a replacement (previously it was only once per line) and + by skipping builtin macros when searching for an uppercase lead character. + * DANE support moved from Experimental to mainline. The Makefile control + for the build is renamed. + * Fix memory leak during multi-message connections using STARTTLS. + * Bug 2236: When a DKIM verification result is overridden by ACL, DMARC + reported the original. Fix to report (as far as possible) the ACL + result replacing the original. + * Fix memory leak during multi-message connections using STARTTLS under + OpenSSL + * Bug 2242: Fix exim_dbmbuild to permit directoryless filenames. + * Fix utf8_downconvert propagation through a redirect router. + * Bug 2253: For logging delivery lines under PRDR, append the overall + DATA response info to the (existing) per-recipient response info for + the "C=" log element. + * Bug 2251: Fix ldap lookups that return a single attribute having zero- + length value. + * Support Avast multiline protocol, this allows passing flags to + newer versions of the scanner. + * Ensure that variables possibly set during message acceptance are marked + dead before release of memory in the daemon loop. + * Bug 2250: Fix a longstanding bug in heavily-pipelined SMTP input (such + as a multi-recipient message from a mailinglist manager). + * The (EXPERIMENTAL_DMARC) variable $dmarc_ar_header is withdrawn, being + replaced by the ${authresults } expansion. + * Bug 2257: Fix pipe transport to not use a socket-only syscall. 
+ * Set a handler for SIGTERM and call exit(3) if running as PID 1. This + allows proper process termination in container environments. + * Bug 2258: Fix spool_wireformat in combination with LMTP transport. + Previously the "final dot" had a newline after it; ensure it is CR,LF. + * SPF: remove support for the "spf" ACL condition outcome values "err_temp" + and "err_perm", deprecated since 4.83 when the RFC-defined words + " temperror" and "permerror" were introduced. + * Re-introduce enforcement of no cutthrough delivery on transports having + transport-filters or DKIM-signing. + * Cutthrough: for a final-dot response timeout (and nonunderstood responses) + in defer=pass mode supply a 450 to the initiator. Previously the message + would be spooled. + * DANE: add dane_require_tls_ciphers SMTP Transport option; if unset, + tls_require_ciphers is used as before. + * Malware Avast: Better match the Avast multiline protocol. + * Fix reinitialisation of DKIM logging variable between messages. + * Bug 2255: Revert the disable of the OpenSSL session caching. + * Add util/renew-opendmarc-tlds.sh script for safe renewal of public + suffix list. + * DKIM: accept Ed25519 pubkeys in SubjectPublicKeyInfo-wrapped form, + since the IETF WG has not yet settled on that versus the original + "bare" representation. + * Fix syslog logging for syslog_timestamp=no and log_selector +millisec. + Previously the millisecond value corrupted the output. + Fix also for syslog_pid=no and log_selector +pid, for which the pid + corrupted the output. + +------------------------------------------------------------------- +Thu Mar 15 20:22:09 UTC 2018 - crrodrig...@opensuse.org + +- Replace xorg-x11-devel by individual pkgconfig() buildrequires. + +------------------------------------------------------------------- +Tue Feb 13 13:39:34 UTC 2018 - kbabi...@suse.com + +- update to 4.90.1 + * Allow PKG_CONFIG_PATH to be set in Local/Makefile and use it correctly + during configuration. 
Wildcards are allowed and expanded. + * Shorten the log line for daemon startup by collapsing adjacent sets of + identical IP addresses on different listening ports. Will also affect + "exiwhat" output. + * Tighten up the checking in isip4 (et al): dotted-quad components larger + than 255 are no longer allowed. + * Default openssl_options to include +no_ticket, to reduce load on peers. + Disable the session-cache too, which might reduce our load. Since we + currrectly use a new context for every connection, both as server and + client, there is no benefit for these. + * Add $SOURCE_DATE_EPOCH support for reproducible builds, per spec at + <https://reproducible-builds.org/specs/source-date-epoch/>. + * Fix smtp transport use of limited max_rcpt under mua_wrapper. Previously + the check for any unsuccessful recipients did not notice the limit, and + erroneously found still-pending ones. + * Pipeline CHUNKING command and data together, on kernels that support + MSG_MORE. Only in-clear (not on TLS connections). + * Avoid using a temporary file during transport using dkim. Unless a + transport-filter is involved we can buffer the headers in memory for + creating the signature, and read the spool data file once for the + signature and again for transmission. + * Enable use of sendfile in Linux builds as default. It was disabled in + 4.77 as the kernel support then wasn't solid, having issues in 64bit + mode. Now, it's been long enough. Add support for FreeBSD also. + * Add commandline_checks_require_admin option. + * Do pipelining under TLS. + * For the "sock" variant of the malware scanner interface, accept an empty + cmdline element to get the documented default one. Previously it was + inaccessible. + * Prevent repeated use of -p/-oMr + * DKIM: enforce the DNS pubkey record "h" permitted-hashes optional field, + if present. + * DKIM: when a message has multiple signatures matching an identity given + in dkim_verify_signers, run the dkim acl once for each. 
+ * Support IDNA2008. + * The path option on a pipe transport is now expanded before use + * Have the EHLO response advertise VRFY, if there is a vrfy ACL defined. +- Several bug fixes +- Fix for buffer overflow in base64decode() (bsc#1079832 CVE-2018-6789) +- removed patches (included upstream now): + * exim-CVE-2017-1000369.patch + * exim-CVE-2017-16943.patch + * exim-CVE-2017-16944.patch + * exim-4.86.2-mariadb_102_compile_fix.patch + +------------------------------------------------------------------- Old: ---- exim-4.86.2-mariadb_102_compile_fix.patch exim-4.88.tar.bz2 exim-4.88.tar.bz2.asc exim-CVE-2017-1000369.patch exim-CVE-2017-16943.patch exim-CVE-2017-16944.patch New: ---- exim-4.91.tar.bz2 exim-4.91.tar.bz2.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ exim.spec ++++++ --- /var/tmp/diff_new_pack.k4VE9R/_old 2018-05-15 10:31:00.561460916 +0200 +++ /var/tmp/diff_new_pack.k4VE9R/_new 2018-05-15 10:31:00.565460769 +0200 @@ -1,7 +1,7 @@ # # spec file for package exim # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -47,17 +47,12 @@ BuildRequires: openldap2-devel %endif BuildRequires: pcre-devel -%if %{?suse_version:1}%{?!suse_version:0} -BuildRequires: libopenssl-devel BuildRequires: tcpd-devel -BuildRequires: xorg-x11-devel -%else -BuildRequires: libXaw-devel -BuildRequires: libXext-devel -BuildRequires: libXt-devel -BuildRequires: openssl-devel -BuildRequires: tcp_wrappers -%endif +BuildRequires: pkgconfig(libcrypto) +BuildRequires: pkgconfig(libssl) +BuildRequires: pkgconfig(xaw7) +BuildRequires: pkgconfig(xmu) +BuildRequires: pkgconfig(xt) Url: http://www.exim.org/ Conflicts: sendmail sendmail-tls postfix Provides: smtp_daemon 
@@ -78,7 +73,7 @@ %endif Requires(pre): fileutils textutils %endif -Version: 4.88 +Version: 4.91 Release: 0 %if %{with_mysql} BuildRequires: mysql-devel @@ -90,11 +85,11 @@ BuildRequires: sqlite3-devel %endif Summary: The Exim Mail Transfer Agent, a Replacement for sendmail -License: GPL-2.0+ +License: GPL-2.0-or-later Group: Productivity/Networking/Email/Servers BuildRoot: %{_tmppath}/%{name}-%{version}-build -Source: http://ftp.exim.org/pub/exim/exim4/old/exim-%{version}.tar.bz2 -Source3: http://ftp.exim.org/pub/exim/exim4/old/exim-%{version}.tar.bz2.asc +Source: http://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2 +Source3: http://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2.asc # http://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc Source4: exim.keyring Source1: sysconfig.exim @@ -107,10 +102,6 @@ Source32: eximstats.conf-2.2 Source40: exim.service Patch0: exim-tail.patch -Patch3: exim-CVE-2017-1000369.patch -Patch4: exim-CVE-2017-16943.patch -Patch5: exim-CVE-2017-16944.patch -Patch6: exim-4.86.2-mariadb_102_compile_fix.patch %package -n eximon Summary: Eximon, an graphical frontend to administer Exim's mail queue @@ -153,10 +144,6 @@ %prep %setup -q -n exim-%{version} %patch0 -%patch3 -p 1 -%patch4 -p 1 -%patch5 -p 1 -%patch6 -p 1 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930 fPIE="-fPIE" @@ -294,7 +281,7 @@ EXPERIMENTAL_DSN=yes SYSTEM_ALIASES_FILE=/etc/aliases %if %{with dane} - EXPERIMENTAL_DANE=yes + DANE=yes %endif EXPERIMENTAL_SOCKS=yes %if %{with i18n} 
@@ -328,7 +315,7 @@ inst_info=$RPM_BUILD_ROOT/%{_infodir} \ INSTALL_ARG=-no_chown install #mv $RPM_BUILD_ROOT/usr/sbin/exim-%{version}* $RPM_BUILD_ROOT/usr/sbin/exim -mv $RPM_BUILD_ROOT/usr/sbin/exim-4.8* $RPM_BUILD_ROOT/usr/sbin/exim +mv $RPM_BUILD_ROOT/usr/sbin/exim-4.9* $RPM_BUILD_ROOT/usr/sbin/exim mv $RPM_BUILD_ROOT/etc/exim/exim.conf src/configure.default # with all substitutions done %if 0%{?suse_version} > 1220 install -m 0644 %{S:40} $RPM_BUILD_ROOT/%{_unitdir}/exim.service ++++++ exim-4.88.tar.bz2 -> exim-4.91.tar.bz2 ++++++ ++++ 72428 lines of diff (skipped)
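Review bot: In the exim.changes hunk (@@ -1,0 +2,149 @@), CVE-2018-6789 is recorded twice with different function names: the 4.91 entry has "Fix Buffer overflow in base64d() (CVE-2018-6789)" and the 4.90.1 entry has "Fix for buffer overflow in base64decode() (bsc#1079832 CVE-2018-6789)". Anyone tracking the CVE through the changelog cannot tell from this which version first carried the fix. Use one function name in both places and put the bsc# reference on whichever entry actually introduced the fix into the package. Minor points in the same hunk: the STARTTLS memory-leak item appears twice (once with "under OpenSSL"), and the openssl_options item contains "currrectly".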
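Review bot: In the exim.spec BuildRequires hunk (@@ -47,17 +47,12 @@), removing the %if suse_version / %else block makes tcpd-devel unconditional and drops the non-SUSE tcp_wrappers and openssl-devel names, yet later context lines still branch on suse_version ("%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930"). Either state in the changelog that non-SUSE builds are no longer supported or keep a fallback for tcpd-devel. Also note that the old non-SUSE branch required libXext-devel, while the new list has pkgconfig(xaw7), pkgconfig(xmu) and pkgconfig(xt) but no Xext entry; confirm eximon still links without it being pulled in explicitly.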
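Review bot: In the exim.spec Source hunk (@@ -90,11 +85,11 @@), the tarball and its .asc signature are still fetched over plain http://, and the keyring URL in the comment above Source4 is http:// as well. Prefer https:// for all three if the host serves it. The visible %prep context ("%setup -q -n exim-%{version}", "%patch0") does not reference Source3 or Source4, so please confirm that the signature is checked against exim.keyring somewhere in the build; otherwise shipping the .asc adds nothing. The previous URL pointed under exim4/old/, which suggests superseded releases get moved there, so the new exim4/ path may stop resolving after the next upstream release.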
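Review bot: In the exim.spec hunk at @@ -294,7 +281,7 @@, the new line "DANE=yes" should be checked against the variable name that the 4.91 src/EDITME actually uses. The changelog in this commit only says "The Makefile control for the build is renamed" without giving the new name, and a build variable that the Makefile does not recognise is ignored silently, which would produce a package built "with dane" that has no DANE support. Checking the "support for" line in the output of "exim -bV" from the built package would settle it.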
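Review bot: In the exim.spec install hunk (@@ -328,7 +315,7 @@), the glob in "mv $RPM_BUILD_ROOT/usr/sbin/exim-4.9* $RPM_BUILD_ROOT/usr/sbin/exim" hard-codes the version prefix a second time, so it had to be edited for this update and will need editing again at the next series change. The commented-out line directly above already shows the version-independent form, "exim-%{version}*"; restoring it would remove the manual step. If it was disabled for a reason, a short comment saying why would help. Also consider failing the build explicitly when the glob matches more than one file, since mv would then treat the last argument as a directory.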